You may find it useful.
Regards Neal Horman On 4/5/17 5:23 PM, Erik Kangas, Ph.D. wrote:
Thanks.We already pre-generate the DH parameters for sendmail and have them sitting around in a dhparms.pem file unique to the server. I wonder if anyone has created a patch that allows UW IMAP to read such a file and supply the parameters?-Erik Kangas On April 5, 2017 06:07:15 pm EDT, "Dan Lukes" <[email protected]> wrote: Erik Kangas, Ph.D. wrote: > Has anyone found a way to get the Diffie Hellman TLS v1.2 ciphers (e.g.. > DHE-RSA-AES256-GCM-SHA384) to work with UW IMAP / Panda IMAP? In order to perform a DH key exchange the server must use a DH group (DH parameters) and generate a DH key. UW IMAP neither generate DH parameters on the fly nor supply the parameters - thus no DHE can be negotiated. You may patch the code and use SSL_CTX_set_options(3) to set SSL_OP_SINGLE_DH_USE option, but generating DH parameters on the fly is extremely time consuming. Dan _______________________________________________ Imap-uw mailing list [email protected] http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Imap-uw mailing list [email protected] http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
